Shoring up ecommerce website security can help businesses and their customers avoid a cyber nightmare before Christmas says the national Computer Emergency Response Team.

'We expect cyber attackers will try to cash in as more and more people flock to the internet to do their Christmas shopping,” says CERT NZ director Rob Pope.

'Lax security measures for online trading websites can make it easy for attackers to steal customers' money and data. This can also have serious ramifications for businesses, including loss of revenue and reputational damage.”

CERT NZ is the government agency that supports organisations and individuals affected by cyber security incidents.

It has joined forces with Consumer Protection to promote secure online trading and shopping practices among businesses and customers.

The Trade Smart Online campaign, running for six weeks through November and December, includes advice about basic steps businesses can take such as updating software and devices.

Consumer Protection's Buy Smart Online campaign focuses on consumers and provides steps they can take to stay safe and secure when shopping online.

Research from CERT NZ shows small and medium enterprises in New Zealand are becoming increasingly reliant on online trading. More than 40 per cent of SMEs with an ecommerce website say online sales account for over half of their turnover and many have at least some of the recommended measures in place.

However, only 34 per cent of SMEs who have a website feel they have a reasonably good understanding of cyber security and 60 per cent admit that they should do more to keep their business website secure.

As an example, 42 percent of SMEs with an online store run a quarterly vulnerability scan to check for any weaknesses in their website which attackers can exploit.

'Being across everything on your ecommerce website makes it easier to detect when something is awry,” says Rob.

'Lack of cyber security knowledge, money or time may be the reasons why some businesses are not properly securing their online stores. It can also be overwhelming knowing who to turn to for guidance, or knowing where to start.”

CERT NZ recommends businesses take the following four steps to cover the trade smart online basics:

• Enable HTTPS across their website to encrypt customer information which keeps it confidential.
• Automate updates to ensure they have the most secure software.
• Auto-renew domain names to avoid attackers claiming it to set up a scam website.
• Speak to their bank about becoming PCI DSS² compliant to ensure customer card data is secure.

More information about the Trade Smart Online campaign can be found at here.

Details about Consumer Protection's Buy Smart Online are available on the website.